CVE-2026-40306: CWE-330: Use of Insufficiently Random Values in dnnsoftware Dnn.Platform
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-40306 in dnnsoftware's Dnn.Platform involves the use of insufficiently random values, specifically the Host GUID, which is identical across all new installations of versions 10.0.0 to 10.2.1. This weakness relates to CWE-330 and can potentially impact the uniqueness and security assumptions tied to the Host GUID. Upgrades from 9.x.x are not affected. Version 10.2.2 includes a patch that resolves this issue by ensuring unique Host GUIDs for new installations.
Potential Impact
The impact of this vulnerability is that all new installations within the affected version range share the same Host GUID, which could undermine security mechanisms relying on this identifier's uniqueness. However, the CVSS score of 6.9 (medium severity) and the absence of known exploits in the wild suggest a moderate risk level. Upgraded installations from earlier versions are not impacted.
Mitigation Recommendations
Users should upgrade to Dnn.Platform version 10.2.2 or later to remediate this vulnerability. Since the issue is fixed in 10.2.2, applying this official patch is the recommended action. No additional mitigations are indicated by the vendor advisory.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-10T21:41:54.504Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e2a83ebdfbbecc5994f13c
Added to database: 4/17/2026, 9:38:06 PM
Last enriched: 4/17/2026, 9:53:25 PM
Last updated: 4/21/2026, 12:17:54 AM